This patch adds support for digital signature based integrity appraisal. With this patch, 'security.ima' contains either the file data hash or a digital signature of the file data hash. The file data hash provides the security attribute of file integrity. In addition to file integrity, a digital signature provides the security attribute of authenticity.

Unlike EVM, when the file metadata changes, the digital signature is replaced with an HMAC, modification of the file data does not cause the 'security.ima' digital signature to be replaced with a hash. As a result, after any modification, subsequent file integrity appraisals would fail.

Although digitally signed files can be modified, by not updating 'security.ima' to reflect these modifications, in essence digitally signed files could be considered 'immutable'.

IMA uses a different keyring than EVM. While the EVM keyring should not be updated after initialization and locked, the IMA keyring should allow updating or adding new keys when upgrading or installing packages.

Changelog v3:
- Permit files without any 'security.ima' xattr to be labeled properly.